Serious security issue with popular mobile wallets (Apple and Google Pay)

Fraudulent transactions involving the most popular mobile wallets have been on the rise recently, and unfortunately Revolut is also heavily affected by this problem.

In a nutshell: The malicious software called Financial RAT can monitor the users’ computer, waiting for them to enter card details when making a purchase online. In addition, it also monitors whether the computer has SMS mirroring turned on, and if not, silently turns it on (to circumvent two-factor authentication). Last but not least, it keeps a log of when the user is typically inactive.

With the information obtained, card details, and SMS for two-factor authentication, fraudsters can easily add any Revolut card to an Apple or Google Pay wallet, and then make unlimited purchases from the available Revolut balance at some specific merchants on the darkweb. As the mobile wallets in question require a passcode or biometric identification for each transaction, Revolut’s fraud analysis system is much more lax in checking transactions made with Apple/Google Pay.

In contrast to some other financial service providers (e.g. Monese), Revolut does not send any other notification (via email or push) to the user other than the mentioned 2FA SMS after the card is added to an Apple/Google Pay wallet. In addition, Revolut cards cannot be set to a daily purchase limit, much to the delight of fraudsters.


every reason to use single use cards when shopping online?


Yes, that can be a safe solution in many cases, but what if you need to add a standard, non-single use card to any subscription service (like Netflix) or to PayPal, for example?

I think Revolut should send more extensive security notifications to its customers when a card is added to an Apple or Google Pay wallet.

1 Like

case of damned if you do and damned if you don’t it seems.
There was a comment in another topic suggesting that notifications about account activity be disabled…
Not a good idea in my estimation. Notifications are soo important to maintain control of your account.


We discourage any use of RAT (remote access tools) to customers where I work (UK bank), as this sort of stuff is possible. Whether it be pc or mobile, we ask customers to reconsider having it on the same device as their banking app/logins.


Do I understand correctly that the malicious software called Financial RAT is installed on a PC / Desktop ? Or is software like this available in the Google and Apple stores for mobile devices ?

1 Like

The former, so it can infect various computers.

1 Like

RAT refers to two types of software.

Remote Administration Tools are a very common tool for all kinds of fraud. Those spam emails telling you your Norton software is expired and you should renew it immediately often rely on it as well. Someone at some point convinces you to install it, during a phone call for example. Or it’s installed without your knowledge and you’re tricked into giving it access to your system. Many phone scams work with this. Team Viewer for example is a RAT tool. There are of course legitimate use cases for RAT, like remote support.

RAT tools are available for all desktop and mobile software platforms. But it’s easier to pull it off on desktop computers.

Remote Access Trojans are also called RAT. Trojans can be installed in a number of ways. Downloads, torrent files, email attachments … and also rely to some extend on the user to actively granting the software access. They might allow to change settings, monitor user behaviour, copy and delete files, access network resources, use the internet bandwidth for criminal activity. Desktops are historically more affected, but there are a number of known trojans for Android as well. Some banking apps on Android for example don’t allow screenshots because it’s a security risk.